In recent years, as an increasing number of communication applications have migrated to packet transport that was often intended for an open Internet application, such applications have become subject to many of the security issues that plague the public Internet. Malicious software (malware) and social engineering tactics are of increasing concern.
Malware is software designed to disrupt the operation of a computing device, including personal computers (PCs) and mobile devices such as smartphones, tablets, and personal digital assistants (PDAs). Malware includes viruses, worms, spyware, Trojans, adware, botnets, spambots, keyloggers, etc. For example, a Trojan is a malicious program hidden within a legitimate application. When activated, a Trojan allows criminals to gain unauthorized access to a user's computer (e.g., mobile device). A botnet is a collection of malware-affected devices, ranging in size from a dozen to tens of thousands, that can be coordinated by a Command and Control (C&C) server. A botnet can be used in spam, identity theft, or distributed denial of service (DDoS) attacks. A spambot is an automated program that harvests personal contact information to send unsolicited email, short message service (SMS), or social media messages. A spambot may even decipher passwords and send its messages directly from a user's account. A keylogger captures passwords, usernames, bank account information, and credit card numbers typed into a computing device and later transmits the information back to the nefarious party.
Users may also, for a variety of reasons, become prey to social engineering, which, in the context of computing device security, is the manipulation of users into performing actions or divulging confidential information. It is also used in deception for the purpose of information gathering, fraud, or unauthorized computing device access. For example, a hacker may contact a system administrator and pretend to be a user who cannot get access to his or her system. For simplicity, any form of malware or social engineering event, or any combination of such events, is collectively referred to herein as a “security attack.”
In order to guard against these advanced threats and others in a complex and evolving climate of virtualization, cloud services, and mobility, individual users as well as business enterprises increasingly take a data-centric approach to safeguarding their sensitive information. Software-based security solutions are frequently used to encrypt the data to protect it from theft. Encryption encodes messages or information in such a way that only authorized parties can have access to it. Other security efforts include better passwords, ever more complicated encryption techniques, and hardening of machines and communication channels. Such security approaches can be weakened by the carelessness or lax attitude of users of these protected systems. Different types of users may be more vulnerable to different types of security attacks.